<?php include('../variables/variables.php'); ?>

<?php

$con = mysql_connect($dbserver, $dbuser, $dbpass);
if ($con)
{
	mysql_select_db($db, $con);
	if ($_POST['admin'])
	{
		$admin = true;
		$q = $admin_login_query;
	}
	else
	{
		$admin = false;
		$q = $user_login_query;
	}
	if ($_POST['email'] && $_POST['password'])
	{
		$q = fquery($q, array($_POST['email'], $_POST['password']));
		$result = mysql_query($q);
		mysql_close($con);
		if (mysql_num_rows($result) == 1)
		{
			session_start();
			$row = mysql_fetch_array($result);
			$_SESSION['name'] = $row['name'];
			$_SESSION['admin'] = $admin;
			$_SESSION['id'] = $row['id'];
			header("location: /");
		}
		else
		{
			header("location: /?err=Invalid email or password");
		}
	}
	else
	{
		mysql_close($con);
		header("location: /?err=Invalid email or password");
	}
}

?>
